10.0(14) Caveats

This section describes possibly unexpected behavior by Release 10.0(14). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(14).

AppleTalk

• The interface-specific pre-FDDItalk "allowed" flag is initialized incorrectly, disallowing any FDDI interfaces from hearing neighbors that might be operating in pre-FDDItalk mode. One workaround is to enter the command appletalk pre-fdditalk , which enables reception and recognition of pre-FDDItalk multicast packets for RTMP. [CSCdi21262]

Basic System Services

• If no tacacs-server hosts are configured, login attempts on lines configured for tacacs login will be rejected. This is different from historical behavior. [CSCdi28420]

• 64MB RP board can cause the router to be reset with no warning. Console seems to get hung when the problem occurs. [CSCdi38918]

EXEC and Configuration Parser

• The lat enable command is accepted on serial interfaces even if the encapsulation set on that interface is known to not support LAT. [CSCdi29158]

• The debug source error command is undocumented, but is displayed when you issue a debug source ? command. [CSCdi46253]

IBM Connectivity

• Under extremely heavy loads sessions may be dropped between routers performing remote source route bridging with local-ack enabled. The workaround is to ensure that the llc2 ack-delay-time is not set too short. [CSCdi16481]

• Ethernet Type Code 80d5 to Token Ring translation is currently configured by means of the source-bridge enable-80d5 global command. This translation cannot currently be configured on a per interface basis. [CSCdi27426]

• Need to configure 'source-bridge passthrough' for the ethernet pseudo ring on both routers. [CSCdi30427]

• RSRB peers appear to be in a normal state--open or opening--but no traffic can pass through. Under normal circumstances, opening or closing peers should change the state to open. Once the remote-peer statements are removed and reconfigured, peers become operational. [CSCdi36072]

• I have requested that a knob be added to the code to allow users to specify using hexadecimal in their configs and show commands instead of always using decimal. This would allow the "show source" command to display the ring numbers in hex not decimal. [CSCdi43869]

• Logical Link Control, type 2 (LLC2) ping functions do not exist. [CSCdi43876]

Interfaces and Bridging

• AGS+, 7000 may cause the downstream neighbour to beacon upon reload [CSCdi21159]

• When in a dual homed configuration the fddi interface can be placed in a THRU A mode when a concentrator does not complete PCM in 100 ms. [CSCdi26198]

• When issuing multiple Shutdown in succession, this can cause the 4000 NIMS below revision 3 to reload. This is a known hardware problem and the only work around is to upgrade. [CSCdi27420]

• On 7xxx series routers, interfaces configured to use the Silicon Switching feature may under-count input bytes. [CSCdi32500]

• 4000 router with IP fastswitched over token ring may crash with bus error at PC 0x3B104, address 0x5FF9766. [CSCdi34096]

• Fddi interface on AGS+ cbus1 fci cards rarely go adminstratively down in as yet undetermined circumstances. Workaround is to configure a " no shutdown " to bring the interface back up. [CSCdi35144]

• Small buffers may fail to be released causing the input queue to go to 76/75. Recovery is to reload the router. Since the queue fills slowly, a temporary workaround is to increase the size of the input queue. [CSCdi39529]

• When using 7000 router in a large IPX network, there is a possibility for the router to reload with a bus error pointing to an address like 0x1110C142. This issue is fixed by the microcode level SP10-14 or SSP10-14. This issue does not occur if ipx route-cache cbus is not enabled. [CSCdi46295]

IP Routing Protocols

• The problem is that show ip prot does not display the "Routing Information Sources" for OSPF. It should show the same info that is available under show ip ospf neig.

  Currently show ip prot correctly displays the Routing Information Sources for IGRP and BGP. [CSCdi17881]
  

ISO CLNS

• First of all, interface static routes are always up, regardless of the interface state. The fake adjacency created in this case should probably vary based on the interface state. Secondly, next-hop static routes do not get added/withdrawn from the IS-IS database if they point through an adjacency learned through IS-IS rather than ES-IS and the adjacency goes up or down. [CSCdi19594]

Novell IPX, XNS, and Apollo Domain

• In contradiction to IPX-EIGRP, RSUP has no concept of autonomous system, i.e. all SAPs are 'shared' by the system. There's no difference between SAPs coming in from one AS and those coming in from another AS.

  This also means that SAP updates are sent to all IPX-EIGRP neighbors, regardless of the AS to which these neighbors belong to. This way, SAP updates are injected into other ASs while the routes to the services in these SAP updates aren't.
  

  The result is a lot of useless SAP traffic going to the IPX-EIGRP neighbors of other ASs and a bunch of unreachable services in the SAP tables of these neighbors. [CSCdi50611]
  

TN3270

• A ttycap entry with two colons in a row or a colon at the end of one line and the beginning of the next will fail to be interpreted correctly. [CSCdi27822]

Wide-Area Networking

• The dialer-list x LIST y required for dialer interfaces to work. PPP looks for a "real" interface with appropriate PPP state. [CSCdi17733]

• When assigning a DLCI to a subinterface using the frame-relay inverse arp command, the system does not retain the configuration and the write terminal command does not display the configuration. See the documentation for the frame-relay interface-dlci command for information about assigning multipoint subinterfaces. [CSCdi27916]

10.0(13) Caveats/10.0(14) Modifications

This section describes possibly unexpected behavior by Release 10.0(13). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(13). For additional caveats applicable to Release 10.0(13), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(14).

IBM Connectivity

• When router is configured with SRB/RSRB it may experience loss of memory. [CSCdi40888]

• Under the condition where two token ring interfaces are attached to the same physical token ring and where either:

  A) an all routes explorer is generated on that ring
  

  B) a packet with a rif that indicates that the packet should go back onto the token ring it originated on
  

  will cause a bridge loop and cause router cpu to rise as well as increase ring utilization.
  

  This bug fix makes the router check the rif in further detail. [CSCdi48577]
  

• On any interface defined as encapsulation sdlc, attempting to add an SDLC address lower than all SDLC addresses already defined on the interface will cause the SDLC address poll chain on the interface to become corrupted, resulting in one or more SDLC-attached devices not being polled. Workaround to this problem is to either reload the router, or remove the SDLC address definitions and re-add them in ascending order of addresses. [CSCdi53646]

• The LAN Network Manager (LNM) fails to link to the router's source bridge after the Token Ring interface is shut down on the remote router. The show lnm bridge command continues to display Active Link to the LNM. This problem does not occur when bridges are linked locally to the LNM. The workaround is to remove the source-bridge command from the Token Ring interface and configure it back in. [CSCdi53954]

• A Sniffer trace shows duplicate ring numbers in the RIF when proxy explorers are in use. New SNA sessions fail to connect to the FEP. The workaround is to issue the clear rif command. [CSCdi55032]

ISO CLNS

• ISIS fails to install more then one Level2 route in the CLNS routing table, when there are multiple equal-cost paths to the other area available. As a result there is no CLNS loadbalancing for destinations in another area. [CSCdi48162]

10.0(12) Caveats/10.0(13) Modifications

This section describes possibly unexpected behavior by Release 10.0(12). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(12). For additional caveats applicable to Release 10.0(12), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(13).

Basic System Services

• If a "show config" and a "wr mem" are done simultaneously, there is a window whereby the system can crash because the NVRAM gets write- protected from under the "wr mem" operation. This causes the box to reload continuously. [CSCdi40434]

• A 2500 series router with dual FLASH banks will reload with a '%software forced crash' error after a configuration is entered through initial setup feature. This error only occurs if both FLASH partitions have an IOS image loaded. The workaround [CSCdi42808]

IBM Connectivity

• When running RSRB FST traffic where the first IP hop is out a Token Ring interface, in extremely rare situations a possible memory corruption may occur. This will result in a Software Forced crash. This condition only exists in 10.0, only on 2500,4000,4500 platforms, and only with the above circumstances. [CSCdi36871]

• The Find Name NetBIOS broadcast is sent from the Token Ring interfaces even though the proxy-explorer and NetBIOS name caches are configured on the interface. To workaround, run back-level software. [CSCdi41972]

• Memory corruption, unknow. I have to put this release-note in, or else ... will bug me everyday. Will put complete release-note in once we get enough information. [CSCdi42898]

• If a router receives a source-route bridging (SRB) packet with bit 2 of the routing control field set, the router might send back a bridge path trace report frame to a group address, instead of to the source of the original frame. This can cause congestion. [CSCdi47561]

IP Routing Protocols

• A router running OSPF may restart with a bus error under extremely rare conditions. [CSCdi25568]

• A system running OSPF might reload when configuring a controller T1 with a channel-group time-slot assignment. [CSCdi43083]

• IP traffic received on an interface, destined for a device located off of that same interface will be process switched in IOS version 10.0 even with the ip route-cache cbus and ip route-cache same-interface commands applied to the interface. This problem can manifest itself as higher CPU utilization.

  Workaround: The ip route-cache same-interface command in conjunction with the ip route-cache cbus command work correctly to autonomously switch ip traffic in IOS version 10.3. [CSCdi43811]
  

• Attempts to route Internetwork Packet Exchange (IPX) packets by Routing Information Protocol (RIP) or by Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) might fail on primary serial interfaces. Failure can occur when the subinterfaces were configured for IPX routing before their primary interface was. [CSCdi44144]

• Enhanced IGRP might announce IP summary routes that have the metric value set too high. This can make the applicable networks unreachable. [CSCdi46290]

Novell IPX, XNS, and Apollo Domain

• A 400 byte block of memory is allocated for the SAP table each time a new service type (like type 4 - fileserver) is heard by the router. That block of memory is not released when the last SAP of that type disappears from the table. In unusual cases this can cause the appearance and symptoms of a memory leak if there is a device on the network that is generating non-existant SAP types. [CSCdi42651]

Wide-Area Networking

• When a Called Line Address Modified (CLAM) facility is encoded in an X.25 Call Confirm packet, a subsequent Clear issued by the router for that VC will encode the VC addresses without encoding a CLAM facility. This is contrary to the specification for Clear packet encoding. [CSCdi39381]

10.0(11) Caveats/10.0(12) Modifications

This section describes possibly unexpected behavior by Release 10.0(11). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(11). For additional caveats applicable to Release 10.0(11), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(12).

AppleTalk

• On a large AppleTalk network with redundunt links, CPU utilization may increase dramatically due to heavy recalculation for each neighbor's update as a result of an unbalanced (lopsided) routing table search tree. [CSCdi39372]

IBM Connectivity

• A router configured with remote source route bridging over token ring with FST encapsulation may stop forwarding packets to the remote peer if fast-switching is enabled. The workaround is to disable fast-switching on the token ring interface connected to the remote peer. [CSCdi36686]

• Netbios connections occasionally fail to connect through remote source route bridging when local acknowledgement is enabled. The workaround is to disable local acknowledgement. [CSCdi37525]

• After you configure a LAN Network Manager (LNM) PC with a bridge definition that contains the target interface MAC addresses on the router, watch for the following behavior. If a no source-bridge local-ring bridge-number target-ring command is entered for one of the interfaces previously configured on the LNM PC and a Link Bridge command is then entered on the LNM PC, the router halts with a bus error indication. The only workaround is to ensure that no source-bridge local-ring bridge-number target-ring commands are not executed on the router after you define the target LNM server bridge on the LNM PC. [CSCdi41997]

Interfaces and Bridging

• The 5 minute input and output rate counters may reflect rates that are higher than the actual rate when fastswitching, autonomous switching, or SSE switching. [CSCdi30206]

• On the BRUT partner product (2500 variant co-developed with DEC) when an Ethernet interface goes down the output of a show interface still shows the Interface as being up. The SNMP Replies are also incorrect. This problem has been resolved in 10.0(10.5), 10.2(8.1) and 10.3(5.1) releases of the code. [CSCdi37135]

IP Routing Protocols

• When executing the "no router ospf" command, a system reload occurs. [CSCdi33077]

• When the eigrp process receives a hello packet from a neigbor, it tries to send an update packet, but this process of sending an update packet can be suspended by the eigrp process. When the eigrp process gets scheduled again to send the update packet the neighbor could be dead and all of the internal data structures for that peer (neighbor) could have been erased, which confuses the eigrp process and results in the generation of wrong bus address. [CSCdi35257]

• This bug exist in all releases. Customer will find that the router does not remove LSA which is MAXAGE, either because of the local router ignoring the acknowlegment or the remote router failing to generate acknowlegment. This will further prevent the router from re-learning route which is once removed but then becomes available again. [CSCdi36150]

• EIGRP neighbor tables do not reflect correct uptime. Entries show "never" in the uptime colume. Must manually clear ip-eigrp neighbor from table to start timer on uptime. [CSCdi36672]

• EIGRP retains summary route with incorrect metric if learned by multiple paths. [CSCdi37985]

• router display following cpu hog messages and trace back:

  Jul 27 15:09:54 harvard-gw 526: %SYS-3-CPUHOG: Task ran for 3520 msec (44/7), Process = OSPF Router, PC = 243182 Jul 27 15:09:54 harvard-gw 527: -Traceback= 3E206 24318A 22F204 Jul 27 15:09:54 bbn3-gw 325: %SYS-3-CPUHOG: Task ran for 5964 msec (99/40), Process = OSPF Router, PC = 243182 Jul 27 15:09:54 bbn3-gw 326: -Traceback= 3E206 24318A 22F204 [CSCdi38044]
  

• In some rare circumstances, the router may suddenly cease to respond to commands or forward packets. Power-cycling the router may be necessary in order to recover. [CSCdi39471]

• OSPF sometimes create intra-area host route which point to itself during route flapping. This fix resolves the problem. [CSCdi39623]

ISO CLNS

• A memory leak exists when ISO-IGRP is redistributed into ISIS. Running ISO-IGRP under any other circumstances does not cause memory leaks. [CSCdi30219]

• Getting system reloads while routing CLNS and errors on the console:

  null db: null ibn in clns, xs_sending process = clns input, ipl=0, pid=30 traceback = 0x28376, 0x24608C, 0x24652A [CSCdi34841]
  

• When running ISO-IGRP and a CLNS route goes in holddown and gets deleted, a memory leak of 128 bytes will occur. This can happen very frequently in a normal network. The final result will be that the ISO-IGRP process will use most RAM memory, and the router will become unreachable and stops functioning. A reboot is the only way to get the router going again. [CSCdi39191]

Novell IPX, XNS, and Apollo Domain

• In highly redundant topologies containing backdoor paths a routing loop may occur when running IPX-EIGRP. [CSCdi38319]

VINES

• Current behavior is to send Vines redirects to an all 'F's broadcast at both the data link and network layer addresses.

  A redirect should to sent to a data link unicast address and a vines network broadcast address. [CSCdi38016]
  

Wide-Area Networking

• CLNS over multi LAPB encapsulated serial interfaces is not compatible with other releases of software. The sympton is that the 10.0 software will not recognize adjacent neighbors. [CSCdi38249]

10.0(10) Caveats/10.0(11) Modifications

This section describes possibly unexpected behavior by Release 10.0(10). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(10). For additional caveats applicable to Release 10.0(10), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(11).

AppleTalk

• If an 'extended' route is heard for a non-extended equivalent in the routing table, it gets converted to extended. This should not be happening if the 'extended' route is also a poison route (distance 31). In rare circumstances this can cause route instability. [CSCdi33321]

• Corrected the problem which prevents router to run in pre-fdditalk. [CSCdi33873]

• The command no appletalk protocol eigrp causes the system to dereference Null (during a bcopy() the source address is Null), which causes the system to reload because the bcopy() routine uses a ld instruction to read 8 bytes at [CSCdi34264]

• Corrected the problem which prevents users from clearing neighbor entries. [CSCdi35099]

• Corrected the problem which prevents the router to invalidate the old cache entries. [CSCdi35967]

Basic System Services

• Seriously oversized NTP packets (or packets addressed to UDP port 123, whether they are actually NTP or not) can cause memory corruption and failure to sync time correctly. [CSCdi34786]

• If the system clock is set previous to 1961, NTP will cause the time to converge to 1927 instead of 1995.

  This should never happen unless the clock is set by hand, or the fix to CSCdi34786 is not installed.
  

  The workaround is to set the clock (using the "clock set" EXEC command) to a time that is roughly correct (or at least later than 1961); NTP will correct the time from there. [CSCdi36101]
  

• Interrupting the output from the show registry command by quitting at the more prompt can produce a SYS-3-CPUHOG error message. [CSCdi36133]

• If the Intial Setup Dialog is skipped by doing a Control-C, in some instances the following message appear on the router: "%ALIGN-3-SPURIOUS: Spurious memory access made at 0x605D8228" This caveat has been resolved in 10.0(10.4), 10.2(7.3), 10.3(4.4) releases of the software. [CSCdi36925]

EXEC and Configuration Parser

• For Frame-relay subinterfaces specifying link-type will be a must i.e. there will be no default link-type as shown below:

  goldy(config)#int s0 goldy(config-if)#encapsulation frame-relay goldy(config)#int s0.1 ? multipoint Treat as a multipoint link point-to-point Treat as a point-to-point link goldy(config)#int s0.1 % Incomplete command.
  

  Previously multipoint type used to be the default for FR sub-interfaces. [CSCdi32283]
  

IBM Connectivity

• Proxy explorers may cause a XID storm when two router share two or more rings. A workaround is disable proxy explorer on one of the routers. [CSCdi32948]

• Issuing "show lnm interface token-ring x/x" will loop indefinately when soft errors are present on the token ring. [CSCdi33378]

• Sometimes after a reload, peers may stay in an opening state.

  Possible workarounds are: (1) delete proxy explorer, reload and add proxy explorer, or (2) remove the peer and then add the peer. [CSCdi34242]
  

• When determining the next wakeup time for the REM component of Lan Manager, the router may incorrectly wakeup at the later of two times, instead of the earlier of two times. This may produce jerky behavior of the REM as errors get reported in groups based on the time of the last error, instead of being reported based upon their individual times. This problem happens for 24.5 days out of 49 days. [CSCdi35914]

• When the configurataion command stun schema name xxxx length xx format hex is entered, it is executed correctly. If the config is then written to memory, the keyword hex is saved as hexidecimal. This causes an error at reload and the command will be rejected. The workaround is to remove the command from the config prior to reload and re-enter it after the router has booted. [CSCdi36328]

• The source-bridge proxy-explorer command causes broadcast storms on the network when an explorer is sent for a non-existant destination MAC address. A trace of the token ring shows excessive LLC explorer frames and the router console does not accept keyboard input. It has to be reloaded to recover. The work around is to remove the source-bridge proxy-explorer command from the token ring interfaces. [CSCdi36718]

Interfaces and Bridging

• In high traffic environments, FSIP8 will get FCICMDFAIL messages and may eventually get 8010 fsip_reset due to multiple command timeouts. The command timeout was caused by a long path in the fsip firmware during the memd read on trasmit. fsip10-8 fixed this problem by splitting the memd read on transmit into 32 bytes chunks and enablinginterrupts between the chunks. [CSCdi27451]

IP Routing Protocols

• OSPF external route is not removed even when the external route is no longer being redistributed at the ASBR. [CSCdi32647]

• Backup interfaces fail to send EIGRP hellos out when the link comes up after the primary link goes down. This seems to occur when the backup interface is in a standby mode for longer than a day or so. [CSCdi33558]

• If an IGRP or RIP routing process is configured, but no routing update has been sent in the last 24 days (e.g. if there are no "line protocol up" interfaces available) then routing updates may be suppressed for up to 24 days before resuming. [CSCdi33918]

• Internal/External routes fail to propagate in IP-EIGRP when heard from candidate defaults. [CSCdi33968]

• Modify BGP to support the most recent change in the RFC specification so we will support optional parameters in the OPEN message. [CSCdi34002]

• A router acting as an OSPF Area Border Router may incorrectly run out of free memory. [CSCdi34206]

• Under certain unknown conditions, the router may reload after adding a passive interface to an EIGRP routing process. [CSCdi34641]

• An ICMP packet with erroneous information in the options field can cause an unscheduled restart. [CSCdi34709]

• In Release 10.3, when an interface is configured with WAN type encapsulation, for example, Frame Relay, the ip ospf hello-interval 10 configuration on that interface is lost upon reload. The problem is caused because the ip ospf interface commands appear before the encapsulation command in the configuration. This fix solves the problem by moving ip ospf interface commands after the encapsulation command. You may experience the same problem when the fixed image is reloaded the first time. Just reconfigure the ip ospf interface commands and do write terminal. This will reorder the command in the NVRAM, and the configuration will be retained upon next reload. [CSCdi34779]

• If an interface configured as passive-interface, EIGRP will not remove it from its topology table whenever the interface is shutdown or unconfigured. [CSCdi34952]

• This bug exists in all release. It happens when more than one serial interface are configured to be on the same subnet, and this subnet fall in the range of the network command. In this condition, if some of this serial interfaces are not functional, for example, are shutdown, OSPF will not aware of it and it is possible for OSPF to use this non-functional interface as output interface in SPF calculation. The result is that OSPF select wrong output interface for route to other border area router, as shown by show ip ospf border-router, it will further cause summary and external route not to be installed in the IP routing table. [CSCdi35182]

• This bug exists in all version. The system may crash during show ip ospf delete-list. This fix solves the problem. [CSCdi35275]

• The "no ip address" command, when used with IP-EIGRP may cause unnecessary meemory use. A portion of memory is not freed up on the router. [CSCdi35696]

• When determining what time to flush neighbor entries from its tables, EGP may incorrectly wakeup at the later of two times, instead of the earlier of two times. This may produce a clumping behavior of neighbor aging, but should not produce any other problems. This problem happens for 24.5 days out of 49 days. [CSCdi35916]

• With Enhanced IGRP-IP, if a default network is known through an interface that is shut down, the show ip eigrp top act command shows the default network via the down interface, and CPU utilization for EIGRP can measure 40 percent to 50 percent. [CSCdi36032]

• When used with Enhanced EIGRP, the no ipx network and no appletalk cable-range commands might cause unnecessary memory use. [CSCdi36141]

• This bug is introduced into 10.0(10.2), 10.2(6.4), 10.3(3.5) and 11.0(0.7). It causes the OSPF area border router not advertise summary LSA for connected loopback interface and connected multi-access network where has no neighbor exist into other area. [CSCdi36186]

• This bug exists in all versions. OSPF will not install external route associated with external LSA which forwarding address happens to match secondary address of a connected network. [CSCdi36946]

• Telnetting to the router with a loose or strict source route will cause the router to hang. [CSCdi37213]

ISO CLNS

• Issuing the command "show isis route" may cause the router to reload. [CSCdi35145]

Novell IPX, XNS, and Apollo Domain

• The router should not listen to RIP requests or RIP replies from network nn if the ipx router rip and no network nn commands are entered. These commands are normally used to disable RIP when IPX Enhanced IGRP is running on the interface. [CSCdi33838]

• Router running Novell may crash with a bus error at PC 0x319369E, address 0xE9F8030C [CSCdi34022]

• When IPX networks are defined only on subinterfaces (i.e., no IPX network is defined on the primary interface), "ipx route-cache" commands (which must be issued on the primary interface) are not allowed and/or not generated correctly in the configuration. [CSCdi34331]

• With many IPX services in the router and IPX RSUP is enable, there is a chance for the router to reload if the following command is entered show ipx eigrp neighbor server [CSCdi34361]

• Setting the ipx output-sap-delay and output-rip-delay commands to large values might prevent normal updates from occurring. To fix this, four new commands have been added. The ipx default-output-rip-delay and ipx default-output-sap-delay commands set global defaults for all interfaces. The ipx triggered-rip-delay and ipx triggered-sap-delay commands set the per-interface values for the interpacket gap in Flash memory and poison RIP/SAP updates. This value overrides the settings of the ipx output-sap-delay and output-rip-delay commands. If you normally configure a large interpacket gap, configure these commands to have small values. [CSCdi34411]

• Configure rsup-only on LAN interface and unconfigure it. Write term displays the unconfigured command, no ipx sap-incremental eigrp 1 rsup-only It should not be displayed. [CSCdi35236]

• On systems which do alignment and spurious memory reference checking, configuring Novell (IPX) with a SAP queue maximum value may cause ALIGN-3-SPURIOUS log messages. Removing the SAP queue limit is a workaround. [CSCdi35867]

• When disabling IPX RIP using the commands ipx router rip followed by no network nn, the system should not disable SAP, but should disably only RIP. [CSCdi36015]

• Two global commands have been added that allow you to set the default value of the IPX triggered SAP delay and triggered RIP delay. These commands are ipx default-triggered-rip-delay and ipx default-triggered-sap-delay. [CSCdi37833]

TCP/IP Host-Mode Services

• The system fails to forward IP Directed Broadcast packets. UDP FORWARD-PROTOCOL UDP port # must be configured as a workaround. [CSCdi34839]

• The RLOGIN process is not flushing the pending output correctly. [CSCdi36259]

• When spanning tree flooding is enable on an interface, the system does not check for directed broadcasts on the directly connected interfaces and will discard the packet. [CSCdi37183]

VINES

• vines single-route has no effect on routes learned via RTP. Enabling SRTP on the router and all its neighbors works around the problem. [CSCdi34071]

• The 10.0 code for fast switching VINES over FDDI can cause VOID frames to be transmitted onto the FDDI ring. The VOID frames only occur when a new FDDI cache entry are is created. This problem does not affect any other release. [CSCdi34315]

Wide-Area Networking

• Frame-relay dynamically learned DLCI's, created by the use of inverse arp, cannot be cleared using the clear frame-relay-inarp. [CSCdi26027]

• A command has been added that allows you to enable and disable Frame Relay inverse ARP on all protocols of a router interface. The frame-relay inverse-arp enables inverse ARP on all protocols that were enabled before you issued a no frame-relay inverse-arp command. The no frame-relay inverse-arp command disables inverse ARP on all protocols of a router interface. [CSCdi33792]

• Certain packets (such as ICMP packets) can be corrupted by the BRI interface on Cisco 2500 series and Cisco 3000 series routers. [CSCdi33942]

• When the session-timeout interval expires, the protocol translator now closes the outgoing PAD connection, returns the terminal line to an idle state, and displays the following message:

  [Connection to remote X.121 address idle too long; timed out] [CSCdi34009]
  

• When doing bandwidth-on-demand over rotary groups of async or serial lines, traffic stops while a line is being dialed. [CSCdi34276]

• 1) atm pvc VCD takes VCD from the range of 1 through MAXVC, while it should have taken only the VCD in the range of 1 through (MAXVC-1).

  2) atm pvc command accepts peak-rate and average-rate in the range of 64k to 150,000kbps on a TAXI AIP while it should have taken each no more than 100,000kbps.
  

  3) atm rate-q command accepts bandwith of a rate-q in the range of 1 to 150Mbps on a TAXI AIP, while it should have only taken any rate-q with bandwith no more than 100Mbps. [CSCdi34371]
  

• Appletalk phaseI over ATM is incompatible between 10.2 (or earlier) and 10.3 (or later) images. I.e. if one end of ATM cloud runs 10.2(or 10.0) image and the other end runs 10.3(or 11.0), they can't communicate in atalk-I. [CSCdi35118]

• A received Call that encodes local facilities (i.e. using a local facility marker) will have those facilities processed as if they were standard facilities. [CSCdi36424]

• atm pvcVCD VPI VCI ENCTYPE ? gives wrong help string of "Average rate", while it should have been "Peak rate". [CSCdi36687]

10.0(9) Caveats/10.0(10) Modifications

This section describes possibly unexpected behavior by Release 10.0(9). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(9). For additional caveats applicable to Release 10.0(9), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(10).

AppleTalk

• Routes will be stuck in routing table after failing sanity check while configuring static routes. [CSCdi31428]

• CSCdi31098 introduced an error where some AT/EIGRP update packets from neighboring AT/EIGRP routers would be dropped with an indication that they were received with an incorrect DDP checksum.

  The update packets are, in fact, not being generated with an incorrect checksum. However, the error in question causes the packets to be dropped regardless of whether or not the packets' checksum is correct.
  

  The easiest work-around is to disable DDP checksums on the router running AT/EIGRP and dropping update packets and indicating checksum errors. [CSCdi31812]
  

• On a large AppleTalk network, high CPU utilization may occur due to a highly lopsided routing tree. [CSCdi32063]

• Corrected the problem which prevents the router to run in pre-FDDItalk mode. [CSCdi33270]

• When routes associated with zones would age out, the network entry would not disassociate itself with the zone. When that network entry was relearned, an additional network-zone association would form. The result is multiple appearance of the same network number in the zone table as viewed by the SHOW APPLE ZONE comand.

  Restarting the router will clear the table. [CSCdi33691]
  

• Routing Table Maintenance Protocol (RTMP) routes are sometimes not aged correctly, resulting in a continually increasing update time. Although the RTMP path is updated, the route in the routing table is not. As a result, the user does not see the route timer and state change. [CSCdi34053]

Basic System Services

• There are a few instances of the NO MEMORY error message where the arguments will not be printed correctly. This should not be a problem, as the included stack trace will pinpoint what part of the system was attempting to allocate memory. [CSCdi31811]

• If an NTP authentication key is configured, and an NTP packet is received with that authentication key, but the key has not been configured as "trusted" (via the "ntp trusted-key" command), and later the key is configured as being trusted, packets containing that key may not authenticate correctly.

  The workaround is to re-enter the "ntp authentication-key" command for that key again, or to reload the system (with the "ntp trusted-key" command included). [CSCdi33390]
  

EXEC and Configuration Parser

• The problem concerns various IPX, appletalk, vines issues involving redistribution and certain ipx network statements. [CSCdi30589]

• write term command output could have some bogus keywords in front of global commands. Interface specific and router specific commands are in tact. [CSCdi31923]

IBM Connectivity

• CDRM from FEP to FEP across RSRB will not operate when local ack is enabled. [CSCdi31353]

• Problem found in FEP to FEP STUN configuration using SDLC-TG with local acknowledment. Router has been found to ignore UA's flowing from to FEP. [CSCdi32105]

• Turning on proxy explorers caused the router to be in a hung state as it was putting the packets on the same ring more than once, which is a violation of SRB protocol. [CSCdi32284]

• TEST/XID frames are dropped by the cisco box. [CSCdi32976]

• Router crashes at random, with symptoms of memory corruption. The "fix" that introduced this problem was integrated in 10.0(7.5) via bug id CSCdi28103. This is specific to RSRB environments only. [CSCdi33945]

Interfaces and Bridging

• When it is shut down, you will see an MTU of 8136 bytes reported in a show interface tokenringx/y output on a Cisco 7000. This is a cosmetic error, as the 7000 tokenring interface does not support this MTU size. The output of this command is correct when the interface is enabled. [CSCdi30947]

• When SSE source-route bridging a packet that we would normally route, e.g., an IP packet, the packet may become corrupted. [CSCdi31569]

• On a router doing Source Route Bridging if Silicon Switching is enabled, SRB packets which are destined to the routers own MAC addresses are mistakenly Source Route Bridged as well. This problem is resolved in 10.0(9.1), 10.2(5.4), 10.3(2.4). [CSCdi32742]

• A software race condition can cause systems with an SSP to generate incorrect hardware failure messages. These messages will include the string "sse_bridge_on" or "sse_bridge_off". The behavior of the system after such a race condition occurs is unpredictable. [CSCdi33607]

IP Routing Protocols

• [no] ip summary-address can cause the router to reload. [CSCdi23646]

• When the auto-summary address range overlaps with the manual configured summary lists range, or when there is more than one manual configured summary lists and the range overlaps, there is a chance that both the summary address and the specific address are advertised. The specific address is supposed to be suppressed. [CSCdi26268]

• EIGRP over slow X.25 link can cause the router to reload. [CSCdi29892]

• If an interface is configured with an IP secondary address and the ip access-group in command, the router will not respond to pings or Telnets directed to the interface secondary address if the ping or Telnet comes into the router on an interface other than the interface configured with the ip access-group in command. [CSCdi30011]

• Receiving a fragmented packet can cause the input queue counter to go negative. [CSCdi30204]

• Routes are not distributed between different IP and Enhanced IGRP processes. This problem occurs only when you enter certain commands, such as clear ip route *, ip address, transmit-interface, and mtu inteface. The workaround is either to retype the redistribute router commands or to reload the configuration file either from NVRAM or over the network, depending on the location of the configuration file. [CSCdi30575]

• This bug exist in all release, the system always generated IP packet with identification field as zero. This cause problem when the packet is fragmented and those fragments arrive the destination intermixed with fragments from other packets. The recieving end will not be able to reassemble correctly without a useful identication. The fix solves the problem. [CSCdi30818]

• In IP-EIGRP, a candidate default is not advertised during a candidate route state change. [CSCdi31833]

• $IGNORE [CSCdi32358]

• This problem is introduced in 10.0.(8.2), 10.2(4.5) and 10.3(1.2). The customer will find the ABR (Area Border Router) not advertise summary LSA (Link State Advertisement) about the connected secondary subnet into other areas even if the network has cover it. There is no workaround. [CSCdi33467]

ISO CLNS

• Static CLNS interface routes clns route nsap-prefix interface-type [snpa-address] over X.25 encapsulation don't get removed from the routing table when the specific interface is down. [CSCdi33029]

LAT

• The default terminal-queue entry-retry-interval is 60 minutes instead of 60 seconds. In some cases this can cause VAX LAT print queues to stall for up to 60 minutes even when the printer is idle. A workaround is to configure an explicit terminal-queue entry-retry-interval 60. [CSCdi31720]

Novell IPX, XNS, and Apollo Domain

• The ipx route-cache cbus command is accepted and displayed in write terminal output even when ipx is not enabled on that interface. [CSCdi31249]

• When deleting a network from the ipx router eigrp command, the RSP reloads and the 4500 prints out spurious memory access message. [CSCdi32071]

• Some versions of the Novell MPR appear to drop RIP poisons (network unreachable, hopcount 16) if the delay field is set to 0. This tends not to be serious since if the network is really gone, it will age out within 4 update periods.

  Under some circumstances, a triggered update indicating that a network is unreachable may be sent with a delay value of 0. This change makes sure that the delay field is always non-zero. [CSCdi32097]
  

• $IGNORE [CSCdi32606]

Protocol Translation

• Telnet negotiation on a PAD to TCP translation session can hang causing an opened telnet session with no login prompt from the host. A workaround is to configure a terminal type on the vtys used for translation. [CSCdi31420]

TCP/IP Host-Mode Services

• On the destination subnet, the directed UDP broadcast packets are being sent with a incorrect UDP checksum. [CSCdi31731]

VINES

• The show protocols command does not display VINES metrics correctly. It displays all metrics as 16 times their actual value. Use the show vines command to view correct metric numbers. [CSCdi31770]

• System can halt unexpected while processing redirects received on a Token Ring interface. There is no workaround. [CSCdi33132]

Wide-Area Networking

• Packets can be corrupted over BRI interfaces under some conditions. This results in lower throughput than would normally be expected across the BRI connection. [CSCdi25792]

• Entering the encapsulation frame-relay configuration command may cause sub-interfaces to reset superfluously and cause other frame-relay related commands to disappear from the configuration. A side effect of this behavior is that the configure network command may fail to appropriately configure subinterfaces. [CSCdi26572]

• PRI line connected to DMS100 switch may cause router to reload when call is disconnected if the caller ID received contains no digit information [CSCdi28158]

• If a user sets up the MAXVC limit via atm maxvc MAXVC then configures an atm pvc with a VCD beyond the MAXVC, the system dose not generate an error message. [CSCdi30007]

• The show atm map dose not page its output. [CSCdi30966]

• The atm framing G804 applies to both E3 and DS3 PLIM, but it should only apply to E3. It cannot apply to DS3 PLIM because it would affect connectivity. [CSCdi31226]

• Under heavy load a switched X.25 VC can, on receipt of a Data or flow control packet, initiate a spurious Reset with a diagnostic of "unidentifiable packet" (code 33.). [CSCdi31358]

• ATM MAXVC is configurable. However, the command line help from atm pvc ? dose not reflect the MAXVC correctly. [CSCdi31801]

• X.25 interfaces that use priority IP encapsulation (DDN mode) will clear a Call if a Call Confirm does not explicitly confirm the requested priority. [CSCdi32872]

• There are some small cases where PPP authentication may not complete due to it believing the remote is requiring us to authenticate. [CSCdi33142]

• When a routing protocol is removed, Frame Relay removes all dynamic maps that reflect this routing protocol. In doing so, there was a hole in the code that would free a PVC pointer before the status of all routing protocols had been checked, leading to crashes within decnet, novell and appletalk routines.

  Furthermore, quite significant fixes to handle crashes caused by the "no ipx network" command, CSCdi31520 and CSCdi32606, have also contributed to the cure. [CSCdi33336]
  

10.0(8) Caveats/10.0(9) Modifications

This section describes possibly unexpected behavior by Release 10.0(8). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(8). For additional caveats applicable to Release 10.0(8), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(9).

AppleTalk

• When use on serial interfaces, the no appletalk send-rtmp command may have the unintended side effect of causing the router to never fully enable AppleTalk routing on the serial interface. The workaround is not to use this command on serial interfaces. [CSCdi29674]

• Fast switched packets is not counted for the MIB variables: atForward and atOutput. [CSCdi30028]

Basic System Services

• The router cannot detect a shortage of buffer elements and thus does not create new ones. This causes the router to drop packet even though there are ample packet buffers. The show buffers command output shows many buffer element misses. [CSCdi29379]

• If a system is set to be an NTP master, eventually other systems will refuse to synchronize to it. There is no workaround. [CSCdi30293]

• NTP cannot send broadcast packets with the authentication option. There is no workaround to this problem. [CSCdi30746]

• The regular expression parser's magic meta delimiter character "_" doesn't match the "{" or "}" characters. [CSCdi30769]

• Default automatic boot from flash, when the booting method is not specified, will fail with a bus error on 4500 routers. The router will properly boot after this bus error. Configuring boot system flash is the workaround. [CSCdi30783]

• NTP broadcasts are always sent to the interface broadcast address, which defaults to 255.255.255.255. Unix NTP daemons typically will not receive on this address. [CSCdi30808]

• The NTP process may generate a CPU HOG message under extreme circumstances. There is no workaround to this problem. [CSCdi31176]

DECnet

• A router receiving a MOP connection request through its serial port for one of its LAN port addresses responds with the LAN port's burnt-in address instead of the actual hardware address. If the requesting host uses the DECnet-style MAC address of the router in the request packet, the host will not recognize the response packet sent by the router because it sees a different address in the "source" field. This causes the requesting host to time out on the connect request. [CSCdi26991]

• The low end fast switching code for DECnet should send a packet down to process level if it determines that the packet is a Phase V packet. This way, it will be converted and sent to CLNS for further processing.

  This fix has already been applied to 10.3 (as part of 28141) and is being added to 10.0 and 10.2 as well. [CSCdi30372]
  

EXEC and Configuration Parser

• The router crashes if the output stream from a show appletalk zone command is waiting at a "More" prompt and the router deletes routes or zones at the same time. [CSCdi28127]

• You cannot have more than 999 elements in the hold queue. This limit is too low. [CSCdi28903]

• Commands that write configurations directly to NVRAM (for example, config overwrite) mistakenly make the software believe that the user has changed the running configuration, and so may cause the software to prompt the user to save the configuration before the reload command is executed. [CSCdi29177]

• Enable secrets offer greater security for enable passwords when the "encrypted" version is allowed to leave the cisco box (either by doing a "write net" or doing a "write term" over a telnet session). [CSCdi30273]

IBM Connectivity

• On a 7000 with SRB configuration, when a packet with path tracing(e.g: decnet pings) passes thourgh a CTR interface, the following message will be displayed on the router console:

  %LINK-3-BADMACREG : Interface, non-existant MACADDR registry for link 0 -Process= "*Sched*", ipl = x -Traceback = hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh hhhhhhhh [CSCdi16761]
  

• Fast-Switched packet counts for Source-route Bridged (SRB) frames are not included in show interface tokenring n accounting output. [CSCdi19982]

• When using prioritization with remote source-route bridging, the number of packets in the TCP queue for a given peer can exceed the number specified in the maximum output TCP queue length (specified with the source-bridge tcp-queue-max command). The workaround is to turn off prioritization. [CSCdi27718]

Interfaces and Bridging

• When using Flash load helper to copy a new image into Flash memory, the system might panic and return back to the system image without carrying out the copy request. With long filenames, a buffer overflows, resulting in the resulting crash.

  The buffer can hold only 56 characters (54 when the flash is partitioned into multiple partitions). Thus during the copy operation, the sizes of the source and destination filenames together must be less than or equal to 56/54 ASCII characters (not including null terminators).
  

  Evidence of the crash can be detected using the show flh-log command. Because the affects of the buffer overflow might be unpredictable, the output may vary. When the copy fails, the show flh-log command output shows that a new image was not copied to Flash memory.
  

  If the source and destination file names are less than 28/27 characters, this problem is not be seen. [CSCdi26920]
  

• This problem occurs in bufferin fsip code. Custom/priority queueing will not work properly on an overdriven (high traffic) serial link. This has been fixed in 10.0(8.3), 10.2(5.1) and 10.3(2.2) - bundled with fsip10-7. [CSCdi28181]

• When an FSIP serial line is highly utilized and the idle code is set to mark (not Flags), the output of the show interfaces command may show a high number of aborts. As a workaround, use FSIP 10.7, which fixes the problem. [CSCdi28278]

• When doing SSE switching, an increase in the MTU size on an interface is not being tracked properly. This caveat has been resolved in 10.0(8.3), 10.2(5.1) and 10.3(2.1) releases. [CSCdi29876]

• Specifically only on later model cisco 2515's, there is an interoperability issue between the 2515 hardware design and the software image that will prevent the image from being able to correctly set the ring speed on the token ring interfaces. This is not an intermittent problem - if a particular 2515 has been working with this image at a given ring-speed, then it will not suddenly begin experiencing this problem. [CSCdi29927]

• Load balancing while SSE switching CLNP causes the SSE to forward incorrectly. [CSCdi30465]

IP Routing Protocols

• While running EIGRP, the router may crash with a bus error due to memory corruption. [CSCdi24171]

• All subinterfaces will be created with split-horizon enabled. [CSCdi27249]

• If a virtual link is configured, the router can place external LSAs into the retransmission list of virtual neighbors but then never send the LSAs out. When these external LSAs become invalid, that is, they reach their maximum age, the router cannot remove them because the LSAs are still in some neighbor retransmission lists. This means that these external LSAs get stuck forever in the link-state database. You will see external LSAs with arbitrarily high ages stuck in the link-state database. [CSCdi27964]

• An IP packet that is destined for the address 0.0.0.0 is accidently routed instead of being treated as a broadcast packet if the system has a route to 0.0.0.0 in the routing table. The workaround is use 255.255.255.255 as the broadcast address. [CSCdi28929]

• EIGRP fails to remove the redistributed routes information from its topology table as soon as possible. [CSCdi29346]

• This bug happens for OSPF over multi-access network, for example, ethernet, X.25 etc, provided the OSPF cost to the network for the attached routers are configured to be different. For a destination behind the common network, the system still calculate the correct shortest path cost to it, however, the output interface will always be the one connected to the common network, even though it is not the one leaded to the shortest path cost. No workaround available. But there is no serious impact, like looping, other than packet will take a slightly higher cost path. This fix solves the problem. [CSCdi29411]

• The fix allow interface with multiprotocol LAPB encapsulation to be configured as ip unnumbered. [CSCdi29756]

• EIGRP traffic can get stuck on NBMA (Non-Broadcast Multi-Access, for example Frame Relay) interfaces with multiple neighbors, hence very slow convergence can happen. [CSCdi30181]

• This bug appear in 10.3 only. Customer will notice that there are multiple entry of external LSA 0.0.0.0 from the same advertising router stored in the database. It can further cause problem in adjacency forming and sequence of OSPF error messages about external 0.0.0.0 is lost and reinstalled. The only work around is not generated LSA 0.0.0.0. That is, do not use default-information originate command. The fix solves the problem. [CSCdi30733]

• Error messages of the form "DUAL-3-LINKSEXIST" would appear on any exec login with message logging enabled when interfaces running EIGRP would be restarted. In fact, there was no error and the error message was superfluous.

  This error message will now appear only in situations where an interface is being restarted and EIGRP has not removed any active neighbor entries from it neighbor table. [CSCdi30981]
  

Novell IPX, XNS, and Apollo Domain

• When a new adapter is inserted into the router after it is booted, the interface short name is missing from commands like show ipx server [CSCdi27331]

• The SAP hop count for a server whose internal network number is learned via Enhanced IGRP should be the external hop count plus one. (The external hop count is the number following the Enhanced IGRP metric in brackets in the routing table entry). [CSCdi29455]

• If, when <CmdEnv>ipx gns-round-robin<NoCmdEnv> is enabled through configuration, a Get Nearest Server request for a service type for which there are no services is handled, but there was recently one or more services of this type, a traceback message will be generated to the console/syslong due to improper handing of this request. [CSCdi29764]

• In a network with a mixture of routers running 9.1 and 9.21 or later cisco images, where one or more of the 9.1 units are using ipx helper-address network.ffff.ffff.ffff where network is some network other than -1. IPX NetBIOS filters will not be enforced on the helpered packets when they are received on the 9.21 or later units. [CSCdi30101]

VINES

• The output of the 'show vines timer' command does not correctly indicate whether or not the query timer is running. The word 'none' should be displayed when the timer is not running, instead of the time 00:00:00. [CSCdi29590]

• The VINES address the router retains to assign to clients is not incremented after it is assigned to a client until the router receives an update (RTP or SRTP) from the client. This leaves a short window in which duplicate address assignments can occur. [CSCdi29886]

• When an interface is looped back, the router will report that a duplicate vines address is present in the network. This message is cosmetic, and does not affect the functionality of VINES. [CSCdi30090]

• Metric values in VINES ICP metric notification packets are bitshifted 4 positions. This causes higher metric values and can cause timeout delays during the retransmission process. [CSCdi30821]

• Source route information contained in SRTP Redirect packets may not be placed in the router's RIF cache with multiring configured on the interface. This causes loss of connectivity with the client workstation across the source-route bridge on the token ring. [CSCdi30962]

Wide-Area Networking

• When using the dialer load-threshold on BRI, PRI or dialer interfaces and the configured load is exceeded, the router place calls while there already is a call being setup but not fully established yet. The router should wait for the additional call to be up before dialing new ones. [CSCdi27357]

• When bridging over DDR using the dialer map bridge command, spanning-tree BPDUs are not transmitted over the DDR link. To work around this, use the dialer string command. [CSCdi27419]

• When using the appletalk address (non-extended) configuration of an SMDS interface, no aarp cache is kept. As such, every appletalk packet requires an aarp. Even in smds multicast aarp is not configured, this can have a detrimental impact on cpu utilization. [CSCdi27891]

• DLCI's can not be reassigned to subinterfaces from a primary interface. [CSCdi28765]

• When using remote source-route bridging over a DDR connection using direct encapsulation, a LINK-3-BADMACREG message is displayed. [CSCdi29352]

• Decnet and CLNS routing updates packets can not be configured to be interesting or uninteresting. The following configuration commands are added: dialer-list 1 protocol clns_es permit/deny, dialer-list 1 protocol clns_is permit/deny, dialer-list 1 protocol decnet_node permit/deny, dialer-list 1 protocol decnet_router-L1 permit/deny, dialer-list 1 protocol decnet_router-L2 permit/deny, [CSCdi29388]

• It is possible to fool the X.25 software into believing an an X.25 SVC is a PVC if the interface is rapdily shut down and brought back up. [CSCdi29850]

• If, under rare and poorly understood circumstances, the router initiates an XOT connection, sends a Call packet, and the remote XOT host violates the protocol by returning a Call packet instead of a Call Confirm, the router will reload at some later time. [CSCdi30338]

10.0(7) Caveats/10.0(8) Modifications

This section describes possibly unexpected behavior by Release 10.0(7). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(7). For additional caveats applicable to Release 10.0(7), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(8).

AppleTalk

• When MacIP services are configured on a router which does not have a IP Domain Name defined, the MacIP server will fail to deliver an IP address to requesting clients. The workaround is to configure the commserver/router with a IP Domain Name (via the configuration command ip domain-name xyz.com) [CSCdi26851]

• When the address of a non-existant AppleTalk neighbor was supplied to the command show appletalk neighbor<CmdNoBold>, the command would print a result similar to:

  No such neighbor, 28765.233
  

  and 27865.233 would not be the address supplied as the argument to the command.
  

  The fact that no neighbor exists for the supplied address was correct and true information; the address printed in the output string was incorrect in that it did not match the supplied address. [CSCdi27550]
  

• When using the command broadcast-deny with AppleTalk access-lists, Name Binding Protocol (NBP) FwdReq packets are not passed. This prevents users from opening a connection over that link through the chooser. [CSCdi28036]

Basic System Services

• IP helpering on other than HDLC serial lines is not working. [CSCdi25881]

• A protocol translator could get into a telnet TTY-TYPE negotiation loop with a device that does not negotiate TTY-TYPE. [CSCdi26990]

• This bug exist in version 9.1, 10.0 and 10.2. When forwarding BOOTP reply which original UDP checksum is non-zero, the box will recalculate the UDP checksum before forwarding it. However, the checksum is calculated incorrectly so the BOOTP client will reject it. The fix solves the problem for 10.0 and 10.2. [CSCdi27277]

• An unexpected loss of memory can occur whenever a X.25 and/or Frame Relay VC is created or destroyed. This condition can be avoided by enabling Vines routing. Issue the command vines routing. [CSCdi27348]

• When running very large IPX route tables that change frequently, the route can fragment memory to a point where telnet conmnections to the router are refused and messages like "Low on memory" and "No memory available" may appear during certain operations. You likely have this problem if the "Free(b)" Is much larger than "Largest(b)" in the show memory output. [CSCdi28549]

DECnet

• When disconnecting MOP sessions memory is not returned to the system. This results in a decrease in available system memory, which can lead to memory shortage after a number of connects/disconnects. [CSCdi26664]

EXEC and Configuration Parser

• Performing a write terminal when the router is low on memory may cause a router reload. [CSCdi27503]

• If you choose the default value for packet rate on a frame-relay broadcast-queue, the broadcast queue will resort to all default values when the router is rebooted. Workaround is to choose a packet rate other than the default which is 36. [CSCdi27784]

• When entering a? in configuration mode on a 2500 running from flash, a reload occurs. [CSCdi28258]

IBM Connectivity

• When using the source-bridge ring-group global command, the ring number must be specified in decimal. The parser will not accept a hexadecimal ring number (for example '0x4F3').

  The hexadecimal format can be used on the source-bridge interface subcommand. [CSCdi25671]
  

• A router token ring interface which is configured for Source-Route Bridging will insert into a ring with a different ring number, and will attempt to forward Source-Route Bridge frames based on its incorrectly configured ring number. Correct behavior would be to shut down the interface which is incorrectly configured. [CSCdi27354]

• Proxy explorer caching and responding with last rif. [CSCdi28103]

Interfaces and Bridging

• If bridging is enabled on an SSP but SSE bridging is not used, and SSE routing is used for a protocol, then the SSP can route packets which appear on the local LAN but which were not intended to be routed by the router. [CSCdi26048]

• Bandwidth of token-ring interfaces always set at 16000 Kbit regardless of the actual wire speed (4Mb/16Mb). [CSCdi27243]

• Using ip accounting<CmdBold> and ip route-cache sse<CmdBold> will cause incorrect accounting results. [CSCdi27289]

• Silicon switched bridging could cause infrequent crashes after flushing the cbus bridge cache. [CSCdi27293]

• Attempting to configure SSE bridging on a serial interface corrupts CxBus data structures, resulting in various errors. SSE bridging on serial interfaces is not currently supported. [CSCdi27322]

• When using the Clear Interface command, for a serial interface, on the the 4000, the system will automatically send back an unnecessary traceback. The traceback(s) are only detectable when the Debug Serial Interface is turned on. [CSCdi27597]

• The 2T NPM cannot fill the bandwidth for small sized packet traffic. The work around is the following: In the configuration mode, use the following commands: Interface serialn, transmitter-delay>2. This will reset the interface to the default delay of two flag characters between every two packets. [CSCdi27991]

• AGS+ with CBUS II, all ethernet ports show 'line up protocol down' after running for a while. [CSCdi29204]

IP Routing Protocols

• OSPF can fail to remove invalid inter-area and external route When OSPF get a Summary LSA/External LSA with mask changed, which is made more possible as supernetting is used, it could fail to remove the route that use the old mask from the routing table. [CSCdi24752]

• Invalid IPX EIGRP routes persist after a topology change. [CSCdi27623]

• For OSPF non-backbone area which has multiple connections to the backbone, if serial link within the non-backbone area flaps, a race-condition could happen so that a host route is created within the non-backbone area and points to the wrong direction. This will resulted in a routing loop.

  This host route is an inter-area route created from one of the summary LSA, which should be flushed already but is not, advertised by one of the area border router.
  

  Doing clear ip route will not correct the situation as the summary LSA will cause the host route being inserted to the routing table again. The only workaround is to restart the OSPF process on the area border router.
  

  This fix correct the problem by flushing the summary LSA correctly in 10.0, 10.2 and 10.3. [CSCdi27987]
  

• OSPF sometimes will not flush the summary LSA generated from inter-area route when the route goes away. This fix solves the problem for 10.0 and later release. [CSCdi28318]

• EIGRP may not send HELLO packets if a new neighbor is added on a new interface after the router has been up for 23 days. This will prevent routing information from being exchanged with the new neighbor. [CSCdi28412]

• OSPF spf calculation can hog the CPU. Message: %SYS-3-CPUHOG: Task ran for x msec (y/z), process = OSPF Router is shown on the router console. [CSCdi28526]

• Router crashes when enabling eigrp after changing encapsulation from smds or frame-relay to x25. [CSCdi28660]

• EIGRP may meltdown because of inadvertently generated updates. [CSCdi29132]

• During the inital Neighbor Establishment phase, the EIGRP neighbor router gets stuck in an unexpected state. The result of this is that Neighbor don't recognize each other and hence do not exchange routing information. Symptoms of this problem are Neighbors dropping in and out of the Neighbor table as seen in the output of a "sh ip eigrp neighbors". This problem was found in 10.0(7) and has been resolved in 10.0(7.5) and 10.2(4.1). [CSCdi29152]

• Candidate default routes are not correctly marked in the routing table of the router. [CSCdi29599]

ISO CLNS

• When a Level1/Level2 router (ISIS) has connectivity to another area via a redistributed prefix route, the attached bit is not set in the Level1 LSP packet. This event prevents Level1 routers from using the Level1/Level2 routers to reach other areas. [CSCdi27560]

• VAXcluster Alias Hellos Causes Instability In Phase IV Routing Table. [CSCdi28141]

Novell IPX, XNS, and Apollo Domain

• when using IPX SAP filter using wildcard character '*', the last character before '*' is ingored. For example, given the access-list access-list 1000 permit -1 0 SAN* Server SAM should be denied, but it is accepted. [CSCdi27294]

• The ipx watchdog-spoof command is written to non volatile memory before the dialer commands are written, upon a reload the system will complain about DDR not being enabled and will not enable watchdog spoofing. Instead of enforcing watchdog spoofing on dialer configured interfaces allow spoofing on all serial or dialer interfaces. [CSCdi27326]

• The hop count values for the static routers are set incorrectly after the interface go through the transition. This occured with eigrp-ipx. Has been fixedin later releases. [CSCdi27557]

• There is a memory race condition that can cause the router to crash when show novell server command is entered. This behavior is not consistant but it happens more often for large IPX network. [CSCdi27622]

• When the XNS code receives an error in the error protocol packet, it should not generate an error packet according to the XNS protocol spec. This is to avoid an infinite loop. [CSCdi28336]

• When we reply to a General SAP Request for a Specific Service and there are morethan 7 services of that types the multiple SAP packets are not obeying the specified inter-packet delay of 55ms [CSCdi29224]

Protocol Translation

• The quiet option in the translate command is not properly handled over serial lines configured for x.25 in versions 10.0 and 10.2 IOS. [CSCdi27086]

TCP/IP Host-Mode Services

• Packets forwarded by the any-local-broadcast option of ip forward-protocol spanning-tree fail to be fastswitched on the 7000 and AGS+ [CSCdi27257]

• In 10.0(7) only, the router will not forward a UDP directed broadcast packet. This causes ip helpering to fail if a directed broadcast address is configured as the ip helper address. [CSCdi27280]

• When the sequence number for a TCP connection grows so large that the right edge of the window rolls over to zero, the usable window size calculation fails to calculate the correct usable window size. [CSCdi27537]

VINES

• When a neighboring system changes MAC addresses between RTP or SRTP routing updates, the system may unexpectedly halt. A neighboring system may change MAC addresses for any number of reasons: swapped interfaces, started up Decnet, or mac-address interface command was used. Issuing clear vines neighbor on the system can prevent the system halt. [CSCdi27038]

• A static can inadvertently disappear if it is overridden by dynamic routing information of equal metric or if SRTP is enabled or disabled. The static route can be recovered by readding it manually. [CSCdi29213]

Wide-Area Networking

• Improved the negotiation time of PPP encapsulated ISDN call setups over the BRI interface. [CSCdi21126]

• When entering the isdn caller interface command and the same number is entered, the entry is duplicated. [CSCdi24295]

• In some instances, when a Frame Relay subinterface with an inactive DLCI has been administratively shut down by a user, it may exit the shutdown state and return to the active state even though the DLCI is still in an inactive state. [CSCdi25156]

• After removing a dialer map from a BRI interface, the router may reload. [CSCdi26228]

• Dynamic maps created by inverse arping on a dlci may cause static maps to be removed from the working configuration of the remote system. The dynamic maps will then take precedence over static maps. [CSCdi27375]

• Packet and byte counters for protocols that are fast-switched over Frame Relay are not correctly incremented and displayed in the show frame-relay traffic command . Proccess switched counts are correct. [CSCdi27509]

• When a 4000 or a 4500 places or receives a call on a serial line, the line goes up, then down, and then up again, instead of going and staying up. The router then believes that the call is an incoming call. This happens only with the Hitachi HD64570 serial controller; the Mostek MK5025 works fine. [CSCdi27742]

• In the 7000 series, using the MIP card for channelized T1 (12 timeslots) with a multipoint frame relay circuit, broadcasts may not be sent to the dlci's. This issue has been resolved. [CSCdi27954]

• When removing dialer maps from a BRI configuration, the router may reload. To work around this problem, shutdown the interface before removing a map. [CSCdi28180]

• Changing the Hardware address of an ATM static-map list would cause some pointer corruption and eventual system crash. The example below show the scenario for creating this corruption/crash.

  map-list aa ip 1.1.1.1 atm-vc 8 broadcast ip 1.1.1.1 atm-vc 10 broadcast no ip 1.1.1.1 atm-vc 10 [CSCdi28730]
  

• Deactivation timer does not turn off when the system receives an activation pending in order to pass bridging measures tests for the 2500s. This issue is resolved. [CSCdi29246]

• DTR dialing does not work with PPP encapsulation. Even though the console shows the line going up and down, no traffic goes through, and the serial interface is still spoofing. To work around this, use HDLC or X.25 encapsulation. [CSCdi29249]

• This patch resolves two problems. The first is that the router would not transmit frames on an ISDN Primary Rate Interface (PRI) due to an incorrect count of available transmit buffers.

  The second problem only applies if the isdn switch-type primary-dms100 command is used. In this case when the router attempted to initiate the ISDN link the DMS100 switch would take all the B-channels out of service.
  

  As of release 10.3(1) the router will never attempt to initiate the link to a DMS100 ISDN switch. [CSCdi29291]
  

10.0(6) Caveats/10.0(7) Modifications

This section describes possibly unexpected behavior by Release 10.0(6). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(6). For additional caveats applicable to Release 10.0(6), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(7).

AppleTalk

• Memory gets fragmented when AppleTalk is turned on. [CSCdi25115]

• Global Appletalk ARP commands have a side effect of changing the router ID number for AppleTalk Enhanced IGRP. There is no workaround. [CSCdi25786]

• The exec commands show appletalk eigrp events<CmdUnbold> and show appletalk eigrp sia-events<CmdUnbold>. These commands will display the past 500 AppleTalk/EIGRP events which have occured on a router.

  The global configuration command appletalk rtmp gc-interval<CmdUnbold> has been added to allow users to configure longer intervals between AppleTalk RTMP route garbage collections. Increasing the RTMP garbage collection interval can decrease the CPU load on a router running AppleTalk RTMP which is experiencing route flapping, but users should be aware that increasing the garbage collection intervals results in the AppleTalk RTMP process keeping process memory which could be returned to the system free list immediately for a longer time. [CSCdi25924]
  

• If AppleTalk is started after the router has been up for more than three weeks, RTMP updates will not be sent out of the router.

  The workaround to this is to enable AppleTalk before the router has been up for three weeks, or to reboot the router before enabling AppleTalk. [CSCdi26137]
  

• When an AppleTalk distribution list is defined with at least one zone entry and no network entries, it is necessary to include access-list numberpermit other-access as part of the access-list. Otherwise, improper filtering of routing updates occurs. [CSCdi26233]

• ZIP GetNetInfo Request packets that contain the zonename, '*', are not correctly handled. Some printers generate this type of request when starting. There is no workaround. [CSCdi26491]

Basic System Services

• For the Cisco 2505 and 2507 platforms, performing an SNMP GET or GETNEXT of the objects rptrAddrTrackLastSourceAddress and rptrAddrTrackNewLastSrcAddress (these objects are defined in RFC 1516) results in the loss of 15 bytes of router system memory. Repeated occurrences of this could result in system failure. Note that these two SNMP objects are supported only on the Cisco 2505 and 2507 platforms. An SNMP GET or GETNEXT of these objects on other Cisco platforms does not cause any memory loss. [CSCdi26624]

DECnet

• Router crashes with a Software crash after a 'sh decnet route' [CSCdi23535]

IBM Connectivity

• In situations where dial backup is being used to secure connectivity between two Remote Source-Route Bridging (RSRB peers), if direct encapsulation (rather than TCP or FST) is used on the dial backup line, the RSRB traffic will not traverse this path even though the dial connection is made and other protocols can pass. Explorer frames will pass through the direct encapsulation peer, but frames with non-broadcast Routing Information Fields (RIFs) will be unable to traverse the dial backup link. [CSCdi20418]

• If there is a shortage of memory in the router at the time it is opening a Remote Source-Route Bridge (RSRB) peer, some of the capabilities exchange may be lost. This can result in some of the RSRB frames that should traverse this peer failing to do so, even though the peer is in an Open state. The correct behavior would be to refuse the peer connection if there is insufficient free memory for the peer capabilities exchange, and provide a message to the user indicating that this has occurred. [CSCdi21016]

• Some endnodes don't respond to an IEEE XID command. This can cause entries in the router RIF table to prematurely age out. Future releases will handle this unusual interoperability circumstance by adding a configuration command.

  If the configuration command rif test-explorer is set, an IEEE TEST command will be used for finding the routes.
  

  NOTE, the in 10.3 and later using of IEEE TEST command is the default behavior.
  

  In 10.3 and later, the configuration command rif xid-explorer can be used if there is a need to use IEEE XID commands for finding the routes. [CSCdi26687]
  

Interfaces and Bridging

• On AGS/AGS+/MGS/CGS routers the show controller mci and show interface serial commands erroneously display the state of serial interfaces' RTS, CTS, DTR, and DSR lines. Since the MCI controller cannot actually detect the state of those signals, they should not be displayed. [CSCdi15343]

• If a system has more than ten Token Ring interfaces and the command show lnm interface is issued, the output may show the interfaces out of sequence. [CSCdi16847]

• A token ring interface may get stuck in an "initializing" state during initialization if a large amount of fast-switched traffic is destined for that token ring interface. [CSCdi19039]

• When TCP/IP routing is enabled along with transparent bridging on the same interface, some SNAP encapsulated TCP/IP packets with destinations on the same network segment may be bridged to other networks. [CSCdi23944]

• In order for the routers to work with true SDLC Multidrops using IBM or IBM compatible modems and telco lines, you need to tie DCD to DSR on the remote modem connections to the PU device. This is a workaround. [CSCdi24194]

• When multiple FDDI cards are present in the router, the interfaces in the lower slot positions may lose their downstream neighbors. [CSCdi25764]

• Hitachi based serial ports may not transmit under severe load, resulting from the under-run interrupt not being properly enabled [CSCdi26209]

• This bug was found in the priority packet path( Eh: keepalives, bpdus etc). Holdq_enqueue can fail also due to the lack of available Q elements, in addition to the normal case when the Q becomes full. In such a case, make sure if a tail is present before unqueueing it to accomodate the current priority packet. If there is no tail, just flag failure.

  The crash occured since there was no check for the valid tail. [CSCdi26417]
  

• A static bridge table entry including a frame relay DLCI is written to NVRAM in an incorrect format. The entry is not used upon reload if stored in this manner. A workaround is to configure the static bridge table entry in a host configuration file booted from network at boot time. [CSCdi26433]

• Routers connected to a MIP card (Channelized T1) on a 7000 were unable to use the autoinstall capability. This was due to MIP cards not responding to cisco HDLC SLARP requests. [CSCdi26546]

IP Routing Protocols

• If a UDP broadcast is sent as a physical layer unicast, it will be forwarded even if the protocol is not enabled for forwarding. [CSCdi23360]

• Parameters for the aggregate address command must be entered in a very specific order. A workaround is to use the "?" parser directive to learn what parameter is next expected. [CSCdi25058]

• On an interface with secondary addresses the router replies to ARP requests with the primary address only. [CSCdi25069]

• a summary route is advertised on an unnumbered serial when EIGRP is configured on a single subnetted major network. Use no auto-summary as a workaround. [CSCdi25562]

• Add additional checks on incoming BGP update messages to insure that we catch improperly formatted messages and report them as such. [CSCdi25784]

• The dynamic priority changes only become cumulative when one uses the extended form of the 'standby track' command. standby track if if-priority

• The optional argument specifies how much to decrement the HSRP priority by when that interface goes down. When multiple tracked interfaces are down, these configured priority decrements are cummulative. If tracked interfaces are down, but none of them were configured with priority decrements, the default decrement of 10 is used, non-cummulative.

  Administratively down interfaces are now considered to be down not up by the 'standby track' command. [CSCdi26090]
  

• This bug is introduced in CSCdi23360. It affects both 10.0 and 10.2. It cause the router not to forward any UDP broadcast even though it is configured to do so, for example, by ip helper-address.

  This fix solves the problem. [CSCdi26426]
  

• Packets with a TTL of 128 or greater whose TTL values are checked on systems with 68000 processors are bounced with the message "ICMP Time Exceeded." The cases that are not affected are SSE switching, autonomous switching, and most high end fast switching (TTL checked by microcode). The case that is affected is switching on low-end routers. Notably, our ping and telnet implementations send packets with a TTL of 255. Normal hosts generally use a smaller TTL. This bug was introduced in IOS Release 10.2(1.6); it was resolved a few days later in Release 10.2(1.7), and Release 10.2(1.6) was then removed from /ftp and CIO. [CSCdi26799]

• Config-net causes a race condition with ospf resulting in loss of of some ospf routes. [CSCdi27016]

ISO CLNS

• When a self-generated LSP is received from the net and it appears newer than router's own. If anything other than LSP fragment 1 is received this way, IS-IS attempts to regenerate fragment 1 with this new sequence number. This may cause the IS-IS to regenerate LSP with wrong sequence number. [CSCdi20806]

• If the DR generates a new set of LSP fragments and if, as a result of there being less info to stuff into the LSP, there are less LSP fragments generated, the old high-numbered fragments will not be flushed. This may cause IS-IS not to flush DR LSPs. [CSCdi20807]

• This bug is introduced in 9.21. When tunneling CLNS over IP with GRE, bogus message about bad nsap length is generated by debug tunnel. It is only a cosmetic bug and there is no impact on the normal operation. This fix get rid of the bogus message for 10.0 and later version. [CSCdi25544]

• Some particular pattern of exchange of ESIS and ISIS hello packets can cause the router not to carry out the DR election correctly. The customer may either find the router which is the DR itself do not update its non-pseudo LSP to point to its pseudo LSP, or find that fail to elect itself and thus do not originate pseudo LSP totally. Usually, reconfigure ISIS will solve the problem.

  This fix resolves the problem for 10.0 and 10.2. [CSCdi25656]
  

• The clns fastswitching from FDDI to Ethernet on a different MCI interface is broken. The last byte of the fastswitched packet is corrupted. The only way to prevent corruption is to turn off fastswitching on FDDI.

  The fix solves the problem for 9.1, 10.0 and 10.2. [CSCdi25950]
  

Novell IPX, XNS, and Apollo Domain

• The IPX Enhanced IGRP distribute-list command allows standard access lists only (access lists whose numbers are 800 through 899) only. It should also allow extended access lists (numbers from 900 through 999). [CSCdi25895]

• The token ring XNS encapsulation keywords '3com-tr' and 'ub-tr' were not being accepted by the router, but '3com' and 'ub' are. However, on 'write terminal' or 'write memory' the router would generate '3com-tr' and 'ub-tr', making the keywords not be recognized on the next reboot. [CSCdi25941]

• IPX SAP/ISO encapsulation frames over Token Ring on a CTR or Cisco 7000 that are being sent to an FSIP or HSSI interface are corrupted if the Token Ring frames contain a Routing Information field. There are two workarounds to this problem: (1) Run SNAP encapsulation on the Token Ring, or (2) Issue the no ipx route cache command on the serial interface. [CSCdi26154]

• Shutting down the interface on Cisco 7000 series router causes the router to crash. [CSCdi26423]

• When IPX autonomous switching is enable, router may reload with message "Multibus timeouts". [CSCdi26663]

• Memory corruption by SAP ager can cause the router to crash or can also create weired problems. This has been fixed in later releases of software. [CSCdi26760]

• There seems to be a condition where servers that should be far down in the SAP list remain at the top of the list, even though their tick and hop count may be higher than like SAP-types in the list.

  The temporary workaround:
  

  1) Issue the following global config. command, in order: no ipx sap-uses-routing-info ipx sap-uses-routing-info [CSCdi26827]
  

TCP/IP Host-Mode Services

• The configuration command ip tcp path-mtu-discovery doesn't work. [CSCdi12488]

• Under certain circumstances an RSRB peer going down can cause RSRB/TCP to consume large amounts of CPU time, possibly interfering with existing bridging activity. [CSCdi18544]

• The size of the TCP receive window offered on connections created by RSRB should be configurable for each connection. This requires the additional option tcp-receive-window size for the source-bridge remote-peer command. [CSCdi26327]

• Under heavy RSRB traf via TCP encap, the TCP queue backs up on the sending side to a abnormally high value as seen in the output of "sh source-bridge" This could cause End User interactive traffic like 3270 session to have increased response time. This problem was found in 10.2(1.4) and has been resolved in 10.0(6.1) and 10.2(6.1). [CSCdi26501]

• When using the UDP broadcast turbo-flooding feature on a cisco 7000, interfaces that should receive copies of the broadcast packets may not. [CSCdi26749]

VINES

• The VINES RIF cache becomes corrupted when an end station does an all routes broadcast/nonbroadcast return. The problem is that the router returns a corrupt RIF to the end station. [CSCdi23239]

• Starting in 10.0, the vines "arp", "propagate", and "serverless" commands will dynamically configure themselves. When dynamically configured, it is not clear from the "show vines interface" display whether one of these feature is currently active or inactive. [CSCdi25599]

• Enabling the 'vines decimal-addresses' command should affect all printing of vines addresses. It does not currently affect the printing of access lists, meaning that access lists can not be written to NVram and read back. This also affects a couple of debugging statements. [CSCdi25843]

• The debug vines reinit debugging command has been added to the VINES code to report why SRTP REINIT messages are sent. Also, SRTP packet counters are printed one location to the right of where they should be, and the REINIT counter is not printed at all. [CSCdi26012]

• Add further tests to prevent/ignore extraneous information in a routing update. The specific problem involved the receipt of a routing update where the senders routing information was explicitly listed in the contents of the update. This extra information should be ignored, as the senders routing information is already implicit in the receipt of a routing update. [CSCdi26040]

• This problem occurs when vines is re-enabled in a router after having been disabled for a long period of time. The router will send a large number of routing updates before settling down to the normal 90 second update interval. [CSCdi26049]

• SRTP has a pair of flags that indicate whether the last hop to a server is via a LAN or a WAN. The router was not correctly setting these flags when it learned routes from a non-SRTP neighbor. This flags are not used except for display, so this is a cosmetic problem. [CSCdi26050]

• When the router receives a REINIT message from a neighbor, it removes the routing table entries for that neighbor and all routes reachable through it. This in itself does not cause a problem, but it does not accomplish the purpose of a reinit message. This purpose is to flush the routing information from the entire network, not just the neighbors. Poisoning the routes and advertising them as unreachable in a flash update will correctly accomplish the purpose of a reinit message. [CSCdi26054]

• The router may learn additional routes for the local router. These additional routes will never be used, so the problem is only a cosmetic one. [CSCdi26087]

• In 10.0 and 10.2 there is a mispelled word in vines. "returnaddress" should be "return address". This cosmetic bug is fixed in 10.0(6.1) and 10.2(1.4). [CSCdi26184]

• In 10.0 and 10.2 VINES 'helper' update code shouldn't send empty updates. Fixed in 10.0(6.1) and 10.2(1.4). The routine that sends helper updates was testing the length of the rtp message to determine whether or not it had put any data into a rtp message. It should be checking the length of the data portion of the rtp message, not the length of the entire rtp message. [CSCdi26185]

• When fast switching VINES over a source-route bridged Token Ring network, the router does not build its fast-switching cache entries properly. This prevents communication with stations that are across a bridge from the router. The workaround is to disable fast switching on the Token Ring interface. [CSCdi26288]

• Excessive interface transitions can cause the router to stop sending VINES routing updates on that interface. [CSCdi26300]

• The DDTS is about increasing version number in vines fast switching cache. This 'version number' is almost meaningless, and provides no real insight into what changes are occuring in the cache. [CSCdi26400]

• The problem is if the dynamically learned path to a neighbor disappears and the only remaining path is the placeholder path, then the placeholder path entry maybe corrupted. Once corrupted, the placeholder entry may only be removed by rebooting the router. This problem only occurs when static routes are uses.

  This fix also corrects the problem where the metric on a static route will change after the neighbor it points to is removed from the neighbor table. [CSCdi26701]
  

• Connectivity to remote servers running SRTP may be unexpectedly lost. This occurs when the router is rebooted and comes up after the remote server has marked the route to the router as bad but before the remote server has completely flushed the route out of its network table. This condition can be corrected by issuing the command clear vines neighbor * on an intervening neighbor router. [CSCdi27374]

Wide-Area Networking

• The X.25 software typically does not encode address or facility information in a Call Accepted/Call Connected packet, which some X.25 equipment rejects with a "packet too short" diagnostic (38). [CSCdi21201]

• The command Show frame-relay map incorrectly reports the LMI type ANSI as CISCO. This has no effect on the operation of the ANSI LMI. [CSCdi22669]

• When using dial on demand with PPP and CHAP and dialer map statements, hostnames must be unique. Hostnames such as fred1 and fred are incorrectly considered to be the same. [CSCdi24718]

• To use decnet over DDR, static maps for decnet-router-l1 are required on top of static maps for decnet. This extra configuration should not be required, only static maps for decnet should be necessary. [CSCdi24862]

• Locally switched X.25 Calls will generate a %X25-3-SPURD1 error after a long period of time (typically 3 or more hours after connecting). [CSCdi24989]

• Vines traffic may trigger DDR configured interface to place a call even if an IP access-list is present in the configuration. To work around this problem, configure dialer-list n protocol vines deny as the first one in the list. [CSCdi25136]

• Routing by NSAP (for CMNS) doesn't work. [CSCdi25326]

• The Calling or Called Address Extension facility is formatted improperly in the "debug x25" output. [CSCdi25529]

• A router might reload if the show frame-relay map command has been executed but not completed (i.e. user is waiting at a --More-- prompt). In this situation if the status of a frame relay map that has not yet been displayed changes, the router may crash and reload when the modified map data structure is accessed. [CSCdi25585]

• This fixes 2 problems. First, and most important, the bug fix also enables dynamic routing over ATALK, using EXTENDED mode. Users are now able to configure EXTENDED mode over SMDS interfaces and are no longer required to configure STATIC MAPs for next hop ATALK nodes.

  The following config. will work:
  

  interface serial 0 encaps smds apple cable-range 10-10 apple zone xxx smds address c111.1111.1111 smds multicast appletalk e111.1111.1111 smds multicast aarp e111.1111.1111 smds enable-arp
  

  No STATIC MAP statements are required!
  

  This fix also removes a problem were ATALK would cause SMDS packets to be xmitted with bad Destination Addresses(DA) in the EXTENDED mode config. above. [CSCdi26312]
  

• Systems using frame-relay static maps and running Inverse ARP for the same DLCI will reload when the command show frame-relay map is issued. [CSCdi26416]

• Addition of new ISDN user configuration option. Within an interface context the user can select the isdn configuration option "isdn not-end-to-end".

  This will allow incoming calls to be accepted at a speed of 56K, even though the network has indicated a speed of 64K, provided that the network stated the call was not isdn end to end. (Refer to "debug isdn event" information to see if incoming calls have this information). [CSCdi26477]
  

• The X.25 interface parameter th has an upper limit of the configured input window size; this is too restrictive because SVCs can negotiate larger window sizes. [CSCdi26730]

• Configuring dialer map statements for ISDN links with the "speed 56" option can cause corruption of the command following the map statement when the configuration is saved to non-volatile memory. The dialer-group command normally follows dialer maps and if that command is corrupted, dial on demand routing will not work properly. [CSCdi26974]

10.0(5) Caveats/10.0(6) Modifications

This section describes possibly unexpected behavior by Release 10.0(5). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(5). For additional caveats applicable to Release 10.0(5), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(6).

AppleTalk

• Gleaning of AARP information from DDP packets addressed to the router is no longer enabled by default on LAN (Ethernet, Token Ring, FDDI) interfaces.

  AppleTalk gleaning had been previously been enabled by default to avoid problems which were encountered when testing with Apple Computer's AppleShare 4.0 file server software and the license checking protocol it used. The license check would fail unless the router never timed out AARP cache entries or the router performed address gleaning.
  

  Apple Computer has now issued a revised version of the AppleShare server software which no longer uses the licensing protocol in question; hence there is no need to have address gleaning enabled by default. Address gleaning does result in a very small decrease in AARP traffic on an AppleTalk network, but at the expense of process level packet switching performance. [CSCdi24143]
  

• Issuing the no appletalk glean command on Phase I AppleTalk interfaces causes AppleTalk ARP to fail. To avoid this problem, do not issue this command. [CSCdi24698]

• This DDT will add the new command appletalk rtmp jitter<CmdUnbold> which will allow a user to introduce "jitter" into the RTMP update interval.

  Jitter is useful to avoid convergence of RTMP routine update events in a large network after a long period of time. In large networks, especially "spoke-and-hub" topologies, it is possible that RTMP routing update events will start to synchronize in such a way that rather than routing updates being sent at various points in time during a 10-second interval by various routers in the network, most of the routers in the network will send their RTMP routing updates at the same time as most other routers in the network. This results in heavy packet loads on routers which have many neighbors in the routing topology.
  

  This condition can be avoided by configuring the routers which are most central in the network topology with a jitter of 20 to 30 percent; ie, RTMP updates will be sent anywhere from 7 to 10 seconds after the last routing update has been sent, rather than every 10 seconds. [CSCdi24959]
  

• System crashes at ether_extract_addr and atalk_input. Workaround is to turn off appletalk gleaning by putting a configuration command 'no appletalk glean-packets'. [CSCdi25070]

• CSCdi25131 corrects a mis-printing of the AppleTalk composite route metric whereby very large route metrics would be printed as negative numbers.

  CSCdi25131 also adds the following commands:
  

  clear apple interface<CmdUnbold>
  

  This command will clear and reset the current state of an AppleTalk interface without resetting the underlying hardware interface. If you want to reset or restart the underlying interface or protocol, you should use the command clear interface<CmdUnbold>.
  

  clear apple route-cache<CmdUnbold>
  

  This command will clear the AppleTalk fast-switching cache. Previously, the command clear apple arp<CmdUnbold> was used to clear both the AppleTalk ARP and fast-switching caches simultaneously. [CSCdi25131]
  

• AppleTalk neighbors should be notified with an AppleTalk static route is removed from the configuration. [CSCdi25227]

• When a route comes back to us from "Notify Neighbor", or "Deleted" state, the router should assume that it is a new route and therefore clean the zone list. [CSCdi25458]

• AppleTalk ports can get stuck in the restart state when system uptime is greater than 24.85 days. There is no workaround; you must reload the system. [CSCdi25482]

Basic System Services

• Flash error messages get displayed on the terminal, but not logged. [CSCdi13547]

• Detection and initialization of the flh logging buffer is incorrectly handled possible causing a "booting loop." During power up, reloading, or exception handling the presence of the flh logging buffer is detected by validating a MAGIC value in the buffer header. If the magic value is present the buffer is assumed to be present.

  During power cycling, it's possible for the Magic value to be retained in DRAM even though the contents of the buffer is invalid (and parity has been lost as well). Messages are logged to the buffer during boot up time. This results in a parity error, which in turn tries to log a message to the flh logging buffer. This leads to a double bus fault. The system watchdog timer resets the system and the process repeats.
  

  The following output is seen on the console port:
  

  System Bootstrap, Version 4.0(8), RELEASE SOFTWARE Copyright (c) 1986-1994 by cisco Systems
  

  System Bootstrap, Version 4.0(8), RELEASE SOFTWARE Copyright (c) 1986-1994 by cisco Systems
  

  System Bootstrap, Version 4.0(8), RELEASE SOFTWARE Copyright (c) 1986-1994 by cisco Systems
  

  System Bootstrap, Version 4.0(8), RELEASE SOFTWARE Copyright (c) 1986-1994 by cisco Systems ...
  

  The OK led may also flash at the rate with which the system reboots.
  

  If the system showing this symptom is powered of for a minute and then powered on, the system should boot up correctly. [CSCdi24663]
  

• The Terminal Server crashes if an IP address is specified for network connection to a remote host, at the CS> prompt or in the Connect IP-addr command. The crash would occur if 'rlogin' is the preferred transport protocol for outbound network connections on the user's line. [CSCdi24931]

• The extensions of Show Buffers is unnecessarily available to non-privileged users. [CSCdi24956]

• SNMP MIB variable ciscoContactInfo does not have the new San Jose address. The Menlo Park address is used. [CSCdi25141]

• Excessive processor utilization can result from the tty_background process running more than once per second due to a timer error. This also results in keepalives being sent more often than the configured keepalive interval. This has been observed on systems with an uptime of greater than 49 days. [CSCdi25372]

• MIB variable sysServices does not check for hub ports on 2500 router. [CSCdi25420]

• MIB variable sysServices does not return correct value for application (0x10) instead of 0x07 as described in rfc1213. [CSCdi25442]

EXEC and Configuration Parser

• Dialer maps for DECnet do not display properly when you issue a write terminal command. [CSCdi23564]

• The old form of the frame-relay lmi-type ansi interface subcommand, frame-relay lmi-type Annex D is not accepted by the parser. This can cause an interface to use the incorrect form of LMI after an upgrade from a software version earlier than version 9.21. [CSCdi24881]

• When no default-information originate is used to stop originate a default route, it is possible that the default LSA, for OSPF and ISIS, is not cleaned up and still stick in the database.

  This fix solves the problem for 10.0 and 10.2 [CSCdi25268]
  

Interfaces and Bridging

• MTU larger than 18000 on the low-end reloads the box. [CSCdi19751]

• A STUN multipoint link with 4700 ALA controllers drops connection. When an IBM 4700 ALA polls for the first station, it polls for the second station as soon as it gets a reply. While the IBM waits for a reply from the second station, the first station loses the session. [CSCdi20511]

• The command show interface now displays the signal lead states in the same way as the 7000 series router does. Supported platforms include routers with the Hitachi HD64570 based serial ports; including the 3X04, 2500, and 4T NIM's. [CSCdi23344]

• Attempting to flood out a giant packet can cause the router with bridging configuration reload. [CSCdi23388]

• The command show controller serial X on a 4000 with 4t NIM card does not display correct information. [CSCdi23470]

• Under high process-switched traffic load low-end platforms may build up the input queue counter. [CSCdi24497]

• Extended bridging access lists are not evaluated correctly for flooded packets when the access list is applied on output from an interface. [CSCdi24778]

• When receiving DECnet control packets of an unidentifiable type (usually illegal), the interface can saturate its input buffer space resulting in the interface's being unable to receive additional packets. The input queue (displayed with the show interface command) will show n+1/n packets, where n is the size of the input hold queue. [CSCdi24993]

IP Routing Protocols

• The output of 'show xxx eigrp neighbors' was shuffled around a bit to make room for the Sequence Number. [CSCdi20295]

• When load-balancing IP traffic over multiple equal-cost paths, the system's routing table might reach an inconsistent state, leading to a system reload. Before the inconsistent state is reached, the system must have three or four equal-cost paths for a particular route. A routing update must then be received that causes the system to replace those paths with fewer (but still more than one), better metric paths. This route must then become used for further locally generated traffic. This problem is most likely to be seen after an interface flap (that is, after an interface's line state goes from up to down to up again) in an environment where there are redundant, but not symmetric, interconnections between routers. The problem also seems more likely in FDDI environments, where interfaces flap before fully coming up. These flaps can result in multiple back-to-back routing table changes. [CSCdi20674]

• During IGRP to EIGRP migration, IGRP will only install a route in the routing table if it has a better metric than an EIGRP external route. The metrics are compared by converting the IGRP metric into EIGRP format and matching against the IGRP route (not the external metric).

  EIGRP must do the same before adding external routes to the routing table. It must look up the IGRP route in the routing table and compare metrics.
  

  This occurs only for external routes created by an EIGRP process with the same AS number as the IGRP process adding the route. [CSCdi23765]
  

• Using a 'route-map' to set the origin code of an aggregate entry has no effect. [CSCdi24252]

• $IGNORE

  just a typo fix. [CSCdi24541]
  

• This bug is introduced in 9.21. It happens when tthe router has RIP running on interface that use the ip unnumbered numbered-interface command. If numbered-interface has the ip broadcast command configured, the peer router will not get the RIP update. The workaround is to remove the ip broadcast command from the numbered-interface.

  This fix provides a complete solution for 9.21 and later versions so that the ip broadcast<NoBold> will not cause the problem again. [CSCdi24719]
  

• EIGRP, when it retransmits a packet on a Frame Relay network, the packet is replicated and sent to all neighbors where in fact it needs retransmission to only a single neighbor.EIGRP sends Sequence TLVs on NBMA nets when it does not need to. [CSCdi24733]

• $INGORE [CSCdi24748]

• The BGP subcommand suppress-map keyword of the aggregate-address is parsed incorrectly. [CSCdi24809]

• For the route 0.0.0.0, there used to be a * appear besides it in the output of show ip route. It signals that 0.0.0.0 is always a candidate default route. However, in earlier releases of 10.0 and 10.2, this * is missing, although the 0.0.0.0 is still consider as candidate when calculating gateway of last resort. It might cause some confusion to the customer. This fix solves the problem for 10.0 and later versions. [CSCdi24902]

• When route summarisation is disabled, ie when changing from aggregate-address x.x.x.x m.m.m.m summary-only<CmdBold> to aggregate-address x.x.x.x m.m.m.m<CmdBold> and issuing clear ip bgp x.x.x.x<CmdBold>, may still result in routes being suppressed. [CSCdi25128]

• If the traffic share min<CmdBold> configuration command is in use, (which should ensure the traffic is distributed across routes with minimum cost, in the event of multiple paths), then if a new better route is acquired, it is not used. [CSCdi25133]

• When using FDDI as the only interface for the backbone area of OSPF, it is possible that the router fails to recognized itself as an area border router even if it is configured for more than one area under some wierd conditions. So the router will fail to perform the duty of area border router like originating summary LSA. No simple workaround is available. This fix the problem for 10.0 and later version. [CSCdi25198]

• OSPF may repeatedly retransmit a link-state advertisement with an incorrect checksum. [CSCdi25269]

• EIGRP route communication on startup is not complete for all three EIGRP protocols. This results in missing routes. [CSCdi25328]

• This bug is introduced by the fix of CSCdi24902. When specifing a 0.0.0.0 static route to interface, for example, ip route 0.0.0.0 0.0.0.0 null 0, then 0.0.0.0 is not considered in the default route calculation as it used to be.

  This fix resolve the problem. [CSCdi25453]
  

• OSPF memory leak occurs on Area Border Routers that have to generate summary ASBR LSA's into the backbone for the non backbone area they are connted to . This applies to version 10.0 and later. [CSCdi25820]

Not defined

• In LAT to PAD (X25) translated sessions, a CTRL-S followed by the entry of any character can sometimes cause a continuous stream of empty LAT messages, causing a session disconnect. [CSCdi24491]

Novell IPX, XNS, and Apollo Domain

• When an IPXWAN link is initializing or is down for one reason or another

  ipx router rip no network 0
  

  will appear in the "write terminal" display, if a write memory is done then this will appear in the non-volatile memory configuration file as well. This has no side-effects other than an error message when the "no network 0" is parsed fron non-volatile memory at system startup. These commands are removed from the write terminal output when the IPXWAN link is fully established. [CSCdi24336]
  

• The rsup-only keyword of the ipx sap-incremental command cannot be used on subinterfaces. [CSCdi24492]

• $IGNORE [CSCdi25349]

VINES

• bus error at vrtp_route_update (0x236D92) Found in 10.0(4.6) fixed in 10.0(5.2) and 10.2(1.1). [CSCdi24179]

• When the router transmits an SRTP update in a response to an SRTP request, it miscounts. The transmitted packet is incorrectly recorded as an SRTP request, instead of an SRTP update. [CSCdi24387]

• The VINES 'send' command does not work with early versions of the cisco 9.21 or 10.0 releases. [CSCdi24505]

• Routing VINES over X.25 links might cause the router to unexpectedly reload. [CSCdi24728]

• This ddts greatly enhances the usability of several vines debugging commands through access lists. The new form of these commands are:

  debug vines packet [ <number> ] debug vines route [ <number> ] [ verbose ] debug vines table [ <number> ]
  

  Number is an optional argument, and is an access list in the range of 201 to 300. For the first two commands, if the access list is supplied it will be used to filter debugging based upon the source address in a packet. For the last commands,if the access list is supplied it will be used to filter debugging based upon address in the router's tables. The 'debug vines route' command now only displays the presence of routing messages. Use of the 'verbose' argument will also display the contents of routing updates. [CSCdi25004]
  

• The redirect logic does not correctly delete non-optimal routes when it installs a new optimal route. This does not cause an operational problem as the non-optimal routes will never be used, and will age out of the routing table normally. [CSCdi25037]

• The router loses packets if an SRTP update is received while there are packets on the SRTP reassembly queue from a different SRTP update. [CSCdi25280]

• VINES Crash in vines_best_path_from_delt in 9.21, 10.0 and 10.2. Crash is seen when continuously issuing a "show vines routing" command on one exec process while issuing "clear vines neighbor *" commands on a second exec process. Fixed in 9.21(5.4), 10.0(5.5) and 10.2(1.1). [CSCdi25310]

• The router does not correctly transmit ICP error messages. Instead of including the proper codes to indicate a net or port unreachable, it returns random values. [CSCdi25319]

• Banyan Support has asked for the ability to diable the enhancements added to cisco's VINES RTP support to reduce network overhead. The first enhancement is the split horizon of regular routing updates. The second enhancement is that immediate updates, sent to announce topology changes, contain only the information that has changed. In both of these cases, a Banyan server would transmit the full topology. [CSCdi25325]

• Redundant routers can get into a deadlock state where they continuously exchange unicast RTP messages. This state can last up to three minutes or until broken by information from a third router. This problem has only been seen with the RTP protocol, not with the SRTP protocol. [CSCdi25580]

• When the vines serverless broadcast command is configured in a redundant topology and all other router interfaces are configured with the vines serverless command, a broadcast storm results. [CSCdi25597]

• A "pacing" parameter has been added to the VINES ping command. This allows pings to be limited to a specified rate, for example, one per second, instead of transmitting them as fast as possible. [CSCdi25598]

• The router does not honor the "server nets only" bit in the broadcast class field. This results in extra broadcast traffic on client-only networks. [CSCdi25642]

Wide-Area Networking

• PPP drops LCP options, from config request if rejected by peer. This is not always correct [CSCdi19434]

• Dial-on-demand PPP connections to any router sending an IPCP request with an IP address of 0.0.0.0, such as as Wellfleet router, do not work. The workaround is to have the non-Cisco router propose a valid IP address in its IPCP packet. [CSCdi22160]

• Under very high traffic load (indicated by a high packet loss rate shown in the "output drops" field), PPP Echo Reply packets are not transmitted, and the remote router declares the line down. In the case of DDR connections, the call is taken down. To work around this, use priority queueing and assign the heavy load traffic to the low, normal, or medium queue. [CSCdi22420]

• When running X.25 and LLC2 simultaneously, the router may erroneously reset X.25 calls with diagnostic 33 (Unidentifiable packet). LLC2 is used by RSRB with Local Acknowledgment, SDLLC Media Conversion, QLLC Media Conversion, Lan Network Manager and CMNS. [CSCdi23822]

• The communication server or router may be restarted due to an address error when PAP authentication has been configured on an async line. A PPP client sending an invalid PPP frame may cause this to occur. [CSCdi24013]

• Broadcasts, such as routing updates, are not sent out "receive only" DDR interfaces that have neither a dialer map nor a dialer string configured. Workarounds are to configure a dialer string, or neighbor commands for the routing protocol in use. [CSCdi24060]

• When using IPX over PPP, if the node number is NAK'ed, we continue to ask to negotiate it. [CSCdi24078]

• The ISDN software sends an invalid disconnect cause code for Japan. [CSCdi24172]

• Memory leak in ISDN BRI. PRIM type buffers are lost on ISDN BRI interfaces under heavy activation/deactivation. [CSCdi24495]

• When typing no smds static-map ..., and the map is not configured, an error message is printed with a bogus network address. [CSCdi24672]

• The Frame Relay broadcast queue drop counter is erroneously incremented if a packet can not be sent due to lack of a map entry. These drops should be counted as encapsulation failures, not broadcast queue drops. [CSCdi24700]

• When sending traffic to an interface configured for DTR dialing on a Cisco 4500 series router, the router may reload. The workaround is to configure in-band dialing first, then change the configuration to DTR dialing. [CSCdi24766]

• Serial interfaces are reset every 30 seconds if the link is down. This needs to be configurable as analog modems take more than 30 seconds often to sync up.

  There is a new command [CmdBold]serial restart-time[noCmdBold] which takes a parameter from 1 to 900 which is a time in seconds that this reset should be performed. [CSCdi24868]
  

• The Frame Relay broadcast queue might exhibit drops under high broadcast volume. There will be an increase in "buffer element" misses at the same time the drops happen. [CSCdi25707]

10.0(4) Caveats/10.0(5) Modifications

This section describes possibly unexpected behavior by Release 10.0(4). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(4). For additional caveats applicable to Release 10.0(4), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(5).

Basic System Services

• When using SNMP to get ip routing table, values are missing from the table. [CSCdi22580]

DECnet

• Configuration commands involving the DECnet Level 2 multicast are not consistent. Some of them expect the string "decnet_router_l1" (and "_l2"), while others expect to see "decnet_router-l1" (or "-l2"). [CSCdi22635]

IBM Connectivity

• When applying NetBIOS access lists with rsrb remote-peer access list statements on a system with active SRB traffic, the router may reload due to a bus error. The fix changes the system code so that it handles these conditions in a more graceful manner. [CSCdi18993]

Interfaces and Bridging

• The V.35 DTE and DCE NRZI applique for the AGS+ is not recognized by 10.0 [CSCdi21299]

• The RX DISABLED field has been removed from the output of show interface hssi x becasue it was originally meant to be used as a hardware debugging tool by engineering. It has been confusing to customers who saw the counters increment and thought there was a problem. What RX DISABLED indicates is that the HSSI interface recieve buffers were temporarily filled, and cannot send packets out to slower interfaces. [CSCdi23057]

IP Routing Protocols

• If a majornet route is DEXTERIOR and part of a subnetted net, then the DEXTERIOR bit is not set in the dummy ndb. This may cause <CmBold>show ip route<noCmBold> to fail to show the route as exterior even though it is marked as such. IGRP fails to advertise it as exterior. [CSCdi21943]

• set metric-type internal should nt be constrained to only IGP routes. [CSCdi22735]

• Broadcast addresses can sometimes be put in the IP route cache. This can cause routing updates to stop. [CSCdi22737]

• The OSPF process is accessing a invalid LSA which could make the system to reload. [CSCdi23035]

• RIP periodic routing updates go out to HSSI interface even though the network associated with that interface is not included in "network" sub-command of the "router rip" config. The workaround is to use a "passive-interface hssi 0" for rip configuration. [CSCdi23203]

• Starting from 9.1, the intended default for redistribute ospf command is to redistribute internal route only into EGP, but it is not enforced. This fix solves the problem for 10.0 and later versions. [CSCdi23229]

• The list of aggregate-addresses under the BGP subcommand should be written to NVRAM in order. [CSCdi23532]

ISO CLNS

• The setup command does not prompt per-interface to enable CLNS when CLNS is enabled globally (but is not running prior to running setup). This fix solves the problem for 9.21 and later version. [CSCdi22244]

TCP/IP Host-Mode Services

• User Datagram Protocol (UDP) broadcasts can be flooded even if TTL checks fail. [CSCdi22568]

• When forwarding UDP broadcasts via the spanning tree method, IP local subnet broadcasts are not forwarded. [CSCdi23411]

• Under rare circumstances, an opening TCP connection can get stuck in CLOSEWAIT state. This can also result in a STUN peer session getting stuck in an OPENING state at the same time. [CSCdi23455]

Wide-Area Networking

• Frame-relay and SMDS unnecessarily flush the entire arp cache when changing the encapsulation of the interface. Only the arp cache entries for the affected interface should be flushed. [CSCdi21274]

• When X.25-over-TCP (XOT) sends a Call Confirm that modifies one of the two proposed flow control facilities (window sizes or maximum packet sizes), the values may be set to 0, which is illegal. [CSCdi21602]

10.0(2) Caveats/10.0(4) Modifications

This section describes possibly unexpected behavior by Release 10.0(2). Unless otherwise noted, these caveats apply to all 10.0 releases up to and including 10.0(2). For additional caveats applicable to Release 10.0(2), see the caveats sections for newer 10.0 releases. The caveats for newer releases precede this section.

All the caveats listed in this section are resolved in release 10.0(4).

AppleTalk

• The NBP name cache is not cleared when no appletalk name-lookup-interval is issued. [CSCdi21020]

Basic System Services

• MIB variable ipRouteProto reports EIGRP as IGRP and IS-IS as OTHER protocol. IS-IS is part of RFC1213 describing ipRouteProto variable EIGRP is added. [CSCdi20825]

DECnet

• When updating DECnet access-lists, the new entries are improperly appended to the access-list. This behaviour deviates from the standard access-list behaviour. [CSCdi12660]

Interfaces and Bridging

• Fast switching HDLC is not enabled on the PCbus [CSCdi21130]

IP Routing Protocols

• Basically, we run SPF on external LSA which has forwarding address pointing to address on our ethernet interface. But we happen to have a serial line with "ip unnumber <ethernet interface>". So, instead of choosing the ethernet as next hop, we choose the unnumbered interface instead. [CSCdi19270]

• The key in the ip ospf authentication-key key is shown as plain text in the config file, which make the key exposed to unauthorized access easily.

  This fix has an effect on the appearance of ip ospf authentication-key key command in the config file of 10.0.
  

  The fix cause the key to be encrypted if service password-encryption is enabled as in the case of password of enable password password .
  

  If service password-encryption is enabled, the user will see the line ip ospf authentication 7 encrypted-key in the config file instead. [CSCdi19339]
  

• OSPF crashes in db_install, receiving an old self-originated LSA. This happens when the box received an old router LSA (with the same router ID that it is using) generated by itself in the past, that had already been deleted from the database. We call db_add_lsa() to handle this old self-originated LSA for all type of LSA, except for router LSA. [CSCdi19826]

• The 'no ip source-route' command doesn't cause the system to discard any IP datagram containing a source-route option. [CSCdi19973]

• When different sessions on a router do a 'clear ip route *' and a 'sh ip route', the router crashes. [CSCdi20099]

• The 8-bytes-of-password argument in option authentication-key<NoBoldCmd> of the area (virtual-link) command is shown as plain text in the config file, which make the key exposed to unauthorized access easily.

  This fix has an effect on the appearance of 8-bytes-of-password of the area (virtual-link)command in the config file of 10.0.
  

  The fix cause the 8-bytes-of-password to be encrypted if service password-encryption is enabled as in the case of password of the enable password password .
  

  If service password-encryption is enabled, the user will see the line area area-id virtual-line router-id authentication-key 7 encrypted-password in the config file instead. [CSCdi20217]
  

• BOOTP forwarding extensions to forward DHCP packets (as per RFC1542). [CSCdi20242]

• Support for the commands: 'ip gdp gdp', 'ip gdp irdp', 'ip gdp igrp', 'ip gdp rip' got completely left out. [CSCdi20504]

• IP recursive static routes cause flapping routing tables. [CSCdi20567]

• Due to load sharing, a packet from the same router might have a different source address. This may cause traceroute to return a single entry many times. [CSCdi20605]

• When there is a area area-id range address mask command configured on an OSPF area border router (ABR) and there is a network in that area which has address and mask exactly match the address and mask configured in the command, the range will not be advertised in a summary network LSA into other areas. The correct behavior is for an OSPF ABR to always advertise a summary network LSA for the configured range into other areas, if there is at least one network in that area that falls in that range.

  The work-around is to not configure area area-id range address mask command with the address and mask that matches the network in the area exactly. [CSCdi20934]